Skyrocketing Rate of Cyberattacks Underscores the Need for Certified Data Destruction30
Global threats to cybersecurity have been steadily rising over the last few years, but the magnitude of the trend became glaringly apparent on May 7th when Colonial Pipeline, one of the United States’ largest petroleum pipelines, was forced to proactively shut down due to a cyberattack. A few days later, the FBI confirmed that DarkSide, a well-known group of Russian cybercriminals, was responsible for the ransomware attack.
The profound personal and economic impact of this attack quickly caught the public’s attention. In less than a day, Americans became painfully aware of something most IT professionals have known for years—computer systems are extremely vulnerable and data and network security measures need to be a top priority for all organizations, especially those responsible for vital services and infrastructure.
What are the consequences of cyberattacks and data breaches?
In the past, data breaches amounted to little more than stolen identities and hacked Facebook accounts. Now, however, cybercrime has become big business. Even a small amount of leaked data in the wrong hands can lead to a widespread interruption of essential public services, multimillion-dollar ransom demands, and even violent attacks on people or property.
When we think of cyberattacks, we usually envision shady hackers in dark rooms, hunched over their keyboard and surrounded by an assortment of monitors showing cryptic lines of code and cliché “Access Denied” messages. The reality is often significantly less theatrical. While much of the attack may be performed from behind a keyboard, the breach that initially opened the door to hackers was probably something as common as easily guessed login credentials, a password jotted on a sticky note, or obsolete data left on a long-forgotten hard drive.
What’s the danger of old data on obsolete equipment?
Leaked credentials and poor password hygiene have long been the bane of existence for IT security professionals, but data breaches due to the improper erasure or destruction of data storage devices is a relatively new problem. With the advent of faster, cheaper solid state drives (SSDs) and improved cloud storage, the replacement of hard drives and other legacy storage systems is common. Unfortunately, many IT professionals quickly discover that every computer or server upgrade generates one or more obsolete drives packed with potentially sensitive data.
When old systems are taken out of service, it’s standard practice to just erase or reformat the drives, store them in a locked closet, and simply forget about them. But as more end-of-life systems are upgraded or replaced, the number of accumulated devices grows to the point where keeping them becomes impractical. This is when most IT professionals consider seeking out the services of an electronics recycler. By this point, however, security is often less of a concern. It’s assumed that any residual data on these seemingly empty drives would be unreadable or obsolete, so little consideration is given to destroying it with absolute certainty. Instead, the focus is on merely disposing of the hardware.
Unfortunately, deleting files or reformatting a drive doesn’t always remove all traces of the data. To make matters worse, a fair number of early data storage formats are still in use today, and older encryption methods are easily cracked. Retrieving potentially sensitive information from these legacy devices is easier than many believe. To guarantee complete data removal, hard drives (HDDs) and backup tapes need to be magnetically wiped (degaussed) or mechanically shredded. In the case of solid state drives (SSDs) and thumb drives, the only way to ensure complete data destruction is to shred the drive.
Few e-recyclers guarantee complete data destruction!
Many people assume degaussing or destroying a device is standard practice for all e-recyclers, but that’s not the case. The majority of e-recycling providers give little or no consideration to data destruction. Those who do rarely provide paperwork to clients that explains what happens to their data, assumes liability for any breaches, and puts them at ease that their data security is properly handled. In worst-case scenarios, unethical companies merely package up collected e-waste and ship it elsewhere, typically overseas, for final disposition – a practice that is often illegal or, at the very least, considered immoral as well as hazardous to the people of developing nations.
At Sadoff E-Recycling and Data Destruction, we offer a choice of two levels of data destruction and confirmation. Trusting us to handle the disposal of your data storage devices means you won’t have to worry about your vital electronic information falling into the wrong hands.
To learn how we can help your organization permanently destroy sensitive, obsolete data, contact us today.Tags: certified electronics recycler, cyber security, data destruction, data security, e-recycling, Enterprise IT Asset Destruction, hard drive destruction, IT asset disposition, risks of obsolete equipment